A nice article on the subject, focused firmly on infrastructure, written by Pete Lindstrom at Information Security Magazine: http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss446_art927,00.html The two opening paras sum it up nicely: The time...

I talk to many people about threat modeling. All the time! Invariably, an idea pops into my head about ways to streamline things, or make them more concrete or usable. Just recently, I scribbled down some notes about threat modeling. I assume you...

Ages ago, I wrote a little DHTML tool to help people determine the appropriate authentication settings to use with different browsers, servers and Web servers. It helped a good many people, but it was simple. Today, the IIS team has released a much more...

"Application Compatibility Testing and Mitigation Guide for Windows XP Service Pack 2" is now available here. From the abstract: Windows® XP Service Pack 2 introduces a number of security features and technologies to help protect against attacks on computers...

Last night I bought a shiny new PC for home; it's based on an AMD Athlon 64 FX, with 2x160Gb SATA RAID-0 drives, 1Gig of RAM and an nVidia GeForce 6800 Ultra. It's pretty quick :) I got the AMD Athlon CPU primarily for the Data Execution Protection support...

The Windows Privacy Statement highlights 27 components that have historically been of interest to privacy advocates and customers, and the 6 page IE Privacy Statement highlights some of the new IE features including “Pop up Blocker”, “Untrusted Publishers...

I'm just gonna give a diff this time. Chapter 16, Page 515: The URL for SiteLock is now incorrect – the new link is http://msdn.microsoft.com/archive/default.asp?url=/archive/en-us/samples/internet/components/sitelock.

There's been a little confusion about raw sockets and Windows XP SP2. Hopefully, this little entry from the "Changes in functionality..." doc (see my last blog entry for a URL to the doc) should explain things a little better: A very small number of...

I was asked by a TechEd attendee which web sites I often visit. I scan the following every morning, just to see if there are any little tidbits of useful stuff:
http://security-protocols.com/
http://www.csoonline.com/
http://www.governmentsecurity...

I'm in New Zealand right now, talking at TechEd. A customer asked me where he could find a list of all my old “Code Secure” columns on MSDN. I wasn't aware but things have moved around a little on msdn.microsoft.com, making it a little hard...